The Central Bank of Nigeria (CBN) has directed banks and other financial institutions to submit detailed cybersecurity assessments under a newly deployed supervisory framework, warning that false disclosures will attract sanctions.
In a circular dated March 30 and signed by Olubunmi Ayodele-Oni, Director of the Compliance Department, the apex bank announced the rollout of its Cybersecurity Self-Assessment Tool (CSAT) as part of efforts to strengthen resilience across the financial system.
The CBN said the tool is “a structured supervisory instrument designed to obtain comprehensive information on the cybersecurity posture of regulated institutions,” covering areas such as governance, risk management, third-party controls, incident response and operational resilience.
It stressed that insights from the exercise would “support risk-based supervision and enhance regulatory oversight of cybersecurity risks.”
Under the directive, Deposit Money Banks, Payment Service Banks, Microfinance Banks, Finance Companies, Development Finance Institutions and Payment Service Providers are required to complete and submit the assessment through a dedicated portal.
READ ALSO:
- FG Debunks Viral ‘25% Building Materials Tax’ Claim
- LIRS Urges Taxpayers to File Returns Ahead of March Deadline
- CAPPA Slams Lagos Over ‘Secret’ Water PPP Deals
- Nigeria Banks Secure ₦3.85trn in Capital Raise
- FGN Bond Auction Attracts ₦931bn in March – DMO
The apex bank said access details and guidance would be communicated to Chief Information Security Officers and other relevant officials.
According to the statement, deposit money banks have been given three weeks to comply, while all other institutions are expected to submit within five weeks.
The CBN specified that all data provided must be as of December 31, 2025, and supported with relevant documentation where necessary.
It also stressed that “all information submitted… must be accurate, complete, and verifiable,” warning that “submission of false, misleading, or inaccurate information constitutes a regulatory breach” under the Banks and Other Financial Institutions Act (BOFIA) 2020.
The apex bank further disclosed that it would conduct validation exercises, including off-site reviews and supervisory engagements, to verify submissions, adding that the directive takes immediate effect.
Alex is a business journalist cum data enthusiast with the Pinnacle Daily. He can be reached via ealex@thepinnacleng.com, @ehime_alex on X
